DETAILED ACTION

1. A request for continued examination under 37 CFR 1.114, including the fee set forth 
in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
4/17/06 has been entered. 

2. The Amendment, and remarks therein, received on 2/07/06 have been entered and 
carefully considered. 

Response to Amendment 

3. Applicant's arguments have been carefully considered but they were not found
persuasive.

4. Applicant's arguments essentially contest an issue of a newly introduced limitation.
Applicant suggests that the table associating a broadcast key and that is local to the 
access point is not present in the art of record. 

5. The examiner points applicant to col. 13 lines 9-17: "When transfer data are 
generated at the source terminal, a broadcast packet is sent to the wireless base 
station 7-6 (9-1). Packet encrypting section 12 in the wireless base station 7-6 
selects a VLAN-key from a group of encryption keys received from the terminal
authentication section 10 (9-2), and encrypts the broadcast packet (9-3), and sends
the encrypted broadcast packet to all the packet terminals (9-4)" and to col. 16 lines
28-37: "Packet decoding section 13 in the wireless base station 7-6 decodes the
encrypted packet using the VLAN-key without discriminating unicast/broadcast or
multicast packets. Subsequent steps are the same as those in Embodiment 3.
Wireless base station 7-6 discards received data packet if it has been tampered, and 
if the received packet has not been tampered and the identity of VLAN-ID and 
source address is registered in the terminal information (that is part of the access 
point, see Fig. 2), it is sent to the destination terminal specified in the destination 
address 4-1 (12-2). 

This clearly suggests that the access point utilizes the same data as disclosed in
Table 2 and Table 3 that associates a broadcast key with a VLAN. In addition, the 
examiner points out that the idea of caching tables on various devices in order to 
make the process of data retrieval more efficient is old and well-known in the art of 
computing (e.g. DNS Caching only Servers). Thus, if not inherent, it would have 
been at least obvious to one of ordinary skill in the art at the time of applicant's 
invention to store (cache) a table associating a broadcast key with a VLAN (as 
disclosed in Table 3 used by the authentication server) at the access point given the 
benefit of more efficient access to data utilized by the access point. 

6. Claims 1, 3, 5, 8-10, 12, 14, 16-17, 19-22 have been examined. 

Claim Objections 

7. Claim 21 is objected to because of the space missing between "Virtual Local Area 
Networks" and "(VLANs)". 

Appropriate correction is required.

Claim Rejections - 35 USC §112 

8. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter that applicant 
regards as the invention. 

9. It is not clear what is the subject of the phrase: "local to the access point", e.g. a 
table, a broadcast key or a VLAN. In the Remarks applicant suggests that it is a 
table that is local to the access point. As a result, the limitation is treated according 
to this interpretation. However, applicant should amend the claim language to clarify 
the claimed subject matter. 

Appropriate correction is required.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 1, 3, 8, 10, 12, 17 and 19-22 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Ichikawa et al. (U.S. Patent No. 6307837) in view of Kerberos as 
illustrated by De Clercq et al. (Jan De Clercq and Micky Balladelli "Windows 2000 
Authentication", March 2001, Digital Press). 

As per claims 21-22 Ichikawa et al. teach a wireless LAN (VLAN subnets, Fig. 1 and
col. 7 lines 1-5). Ichikawa et al. teach "a wireless access point configured to send
and receive wireless signals from a wireless station and responsive to an
association request from the wireless station to authenticate the wireless station with
an authentication server" (Ichikawa et al., col. 7 line 49-col. 8 line 10) and "the
access point is responsive to receiving a VLAN identifier for the wireless station to
ascertain an appropriate broadcast key corresponding to the received VLAN
identifier" (col. 12 lines 44-61) (See the last Office Action for details).

11. Ichikawa et al. teach the access point (the wireless base station) selecting a
broadcast key (VLAN-key) as discussed above but do not explicitly teach a lookup
table containing broadcast key values corresponding to VLAN identifiers (VLAN-id).
However, Ichikawa et al. disclose that the access point (the wireless base station)
checks a VLAN identifier, the source address and selects an appropriate broadcast
key from a group of encryption keys in order to decrypt encrypted broadcast data
from the wireless station (col. 10 lines 42-46, col. 12 lines 44-54, col. 13 lines 12-15).
Thus, it is clear that the access point must have a lookup-table-like structure similar
to lookup table 1 (col. 8) in order to retrieve the information discussed above.

12. Ichikawa et al. do not explicitly teach that an authentication server sends a session 
key to the wireless station. 

Kerberos uses the authentication server that provides session keys to network clients
(Key Distribution Center (KDC), e.g. The introduction, "Step 1: Kerberos
authentication is based on symmetric key cryptography" section and Fig. 9).
As is well known in the art, session keys provide means for secure communication
where data exchanged between the communicating parties is encrypted. Also,
session keys are valid only for the particular session and compromising a session
key does not impact the security of the previous and the future data exchange.
Furthermore, Kerberos provides scalability and ensures central administration, which
is particularly beneficial since the network clients are often installed and kept in an
unsecured environment. Given these benefits it would have been obvious to one of
ordinary skill in the art at the time of applicant's invention to use a centralized
authentication server to provide session keys to a network client such as the wireless
workstation taught by Ichikawa et al.

The examiner points out that the wireless stations are connected to the network via 
access points thus any data sent to the wireless station will be received by the 
appropriate access point that then sends data to the wireless station. 

13. Ichikawa et al. do not explicitly teach encrypting the broadcast key with the session
key. However, the limitation is implicit. The broadcast key is to encrypt broadcast
data in order to protect the data confidentiality. Sending the broadcast key
unencrypted defeats the purpose of the security since obtaining the "unprotected
broadcast key" jeopardizes the confidentiality of the encrypted broadcast data.

14. Ichikawa et al. do not explicitly teach that the table associating a broadcast key with
a VLAN is stored locally to the access point. However, Ichikawa et al. clearly
disclose that the access point utilizes the same data as disclosed in Table 2 and
Table 3 associating a broadcast key with a VLAN (col. 13 lines 9-17 and col. 16 lines
28-37). In addition, the examiner points out that the idea of caching tables on various
devices in order to make the process of data retrieval more efficient is old and
well-known in the art of computing (e.g. DNS Caching only Servers). Thus, if not
inherent, it would have been at least obvious to one of ordinary skill in the art at the
time of applicant's invention to store (cache) a table associating a broadcast key with
a VLAN (as disclosed in Table 3 utilized by the authentication server) at the access
point given the benefit of more efficient access to data utilized by the access point.

15. As per claims 8 and 17 Ichikawa et al. teach the network using an IP address 
scheme (col. 21 lines 37-52 and col. 24 lines 33-36). 

16. Claims 1, 3, 8, 10, 12, 17 and 19-20 are substantially equivalent to claims 21-22;
therefore claims 1, 3, 8, 10, 12, 17 and 19-20 are similarly rejected.

17. Claims 5 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Ichikawa et al. (U.S. Patent No. 6307837) in view of Kerberos as
illustrated by De Clercq et al. (Jan De Clercq and Micky Balladelli "Windows 2000
Authentication", March 2001, Digital Press) further in view of Johnson et al. (U.S.
Pub. No. 20010014088).

Ichikawa et al. in view of Kerberos teach a wireless station as discussed above. 

18. Ichikawa et al. in view of Kerberos do not explicitly teach that the wireless station
operates in accordance with the IEEE 802.11 standard. 

Johnson et al. teach wireless stations operating in accordance with the IEEE 802.11
standard (Johnson et al., col. 1 lines [4]). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's
invention to operate Ichikawa et al. in view of Kerberos' wireless stations in
accordance with the IEEE 802.11 as taught by Johnson et al. One of ordinary skill in
the art would have been motivated to perform such a modification in order to 
minimize data packet collisions. 

19. Claims 9 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Ichikawa et al. (U.S. Patent No. 6307837) in view of Kerberos as
illustrated by De Clercq et al. (Jan De Clercq and Micky Balladelli "Windows 2000
Authentication", March 2001, Digital Press) further in view of Ke et al. (U.S. Pub.
No. 20030041266).

Ichikawa et al. in view of Kerberos teach mobile IP VLANs as discussed above.

20. Ichikawa et al. in view of Kerberos do not explicitly teach a step of tagging data to 
which VLAN the data belongs. 

Ke et al. teach tagging (Ke et al. [34]). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to tag data to which VLAN the data belongs, as taught by Ke et al. One of 
ordinary skill in the art would have been motivated to perform such a modification in 
order to allow traffic to be mapped into a particular VLAN (Ke et al. [34]). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Peter Poltorak whose telephone number is 
(571) 272-3840. The examiner can normally be reached Monday through Thursday
from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Jacques Louis Jacques can be reached on (571) 272-6962.
The fax phone number for the organization where this application or proceeding is 
assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR
only. For more information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




